New 'FROST' Technique Uses SSD Timing to Track Browser Activity

Source: WiredView Original

A newly identified security vulnerability, dubbed FROST (Fingerprinting Remotely Using OPFS-based SSD Timing), allows websites to covertly monitor a user's browsing habits and active applications by measuring subtle latency patterns in solid-state drive (SSD) performance. By exploiting a contention side channel, malicious scripts can track how other processes compete for storage resources, effectively deanonymizing user activity without requiring any direct interaction or permission from the visitor.

The technique leverages the Origin Private File System (OPFS), a feature designed to help web-based applications run complex tasks within a browser. By performing rapid, random read operations on a large OPFS file, the attack measures the timing delays caused by other active processes on the device. These latency traces are then processed by a convolutional neural network, which can accurately identify which websites are open in other tabs or which applications are currently running on the host system.

This development highlights the growing security risks associated with the increasing complexity of modern web browsers. As browsers transition from simple document viewers into platforms capable of running full-scale office suites and development environments, the attack surface for potential exploits expands significantly. While the researchers note that FROST requires the creation of a large, potentially detectable file, it nonetheless demonstrates a sophisticated method for bypassing traditional sandboxing protections.

For users, the discovery underscores the importance of maintaining digital hygiene, such as closing unused browser tabs and monitoring storage allocations. While the technical requirements for a successful FROST attack—such as the need for a large OPFS file—may limit its immediate use for mass surveillance, it serves as a critical reminder of how physical hardware characteristics can be weaponized to compromise digital privacy.